package com.vnt.security;


import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
//开启全局方法安全性
@EnableGlobalMethodSecurity(prePostEnabled=true, securedEnabled=true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    public PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception{
        return super.authenticationManagerBean();
    }
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        System.out.println("http");
        http.formLogin()
                //.loginProcessingUrl("/login")
                // 自定义登录页面,由于是前后端分离系统,这里指定自定义登录页面也就没必要了,因为登录页面是前端提供的
                //.loginPage("/login.html")
                // 登录成功后跳转页面
                .successForwardUrl("/doMain")
                // 失败后跳转的页面 通过 controller
                .failureForwardUrl("/toError")
        ;


        http.csrf().disable()
                .authorizeRequests()
                .antMatchers("/login","/showLogin","/toMain","/toError","/pages/**","/oauth/**","/user/**","/order/**")
                .permitAll()
                .antMatchers("/role/list").hasAuthority("admin")
                // 除上面外的所有请求全部需要鉴权认证
                .anyRequest().authenticated().and().headers().frameOptions().disable();
    }

}
